Configuration IPSec on version 2.3.2



  • Hello,

    After upgrading from version 2.1.5 to 2.3.2, Mobile IPSec with the NCP VPN Client on Android and shrewsoft on Windows didn't work anymore :'(
    Does anyone have a description of how to configure this, or a configuration that is working, so that IPSec works again as in 2.1.5?

    This is the current Logfile:

    Nov 25 09:45:26  charon      05[ENC] <7> received unknown vendor ID: cb:e7:94:44:a0:87:0d:e4:22:4a:2c:15:1f:bf:e0:99
    Nov 25 09:45:26  charon      05[ENC] <7> received unknown vendor ID: c6:1b:ac:a1:f1:a6:0c:c1:08:00:00:00:00:00:00:00
    Nov 25 09:45:26  charon      05[IKE] <7> received FRAGMENTATION vendor ID
    Nov 25 09:45:26  charon      05[IKE] <7> received Cisco Unity vendor ID
    Nov 25 09:45:26  charon      05[IKE] <7> xxx.xx.1.108 is initiating a Aggressive Mode IKE_SA
    Nov 25 09:45:26  charon      05[CFG] <7> looking for pre-shared key peer configs matching xx.xxx.27.15…xxx.xx.1.108[test@test.de]
    Nov 25 09:45:26  charon      05[CFG] <7> selected peer config "con1"
    Nov 25 09:45:26  charon      05[IKE] <con1|7> no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
    Nov 25 09:45:26  charon      05[ENC] <con1|7> generating INFORMATIONAL_V1 request 1881593601 [ N(INVAL_KE) ]
    Nov 25 09:45:26  charon      05[NET] <con1|7> sending packet: from xx.xxx.27.15[500] to xxx.xx.1.108[44436] (56 bytes)
    Nov 25 09:45:30  charon      05[NET] <8> received packet: from xxx.xx.1.108[44436] to xx.xxx.27.15[500] (948 bytes)
    Nov 25 09:45:30  charon      05[ENC] <8> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V ]
    Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: da:8e:93:78:80:01:00:00
    Nov 25 09:45:30  charon      05[IKE] <8> received XAuth vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received NAT-T (RFC 3947) vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received DPD vendor ID
    Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: eb:4c:1b:78:8a:fd:4a:9c:b7:73:0a:68:d5:6d:08:8b
    Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: cb:e7:94:44:a0:87:0d:e4:22:4a:2c:15:1f:bf:e0:99
    Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: c6:1b:ac:a1:f1:a6:0c:c1:08:00:00:00:00:00:00:00
    Nov 25 09:45:30  charon      05[IKE] <8> received FRAGMENTATION vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> received Cisco Unity vendor ID
    Nov 25 09:45:30  charon      05[IKE] <8> xxx.xx.1.108 is initiating a Aggressive Mode IKE_SA
    Nov 25 09:45:30  charon      05[CFG] <8> looking for pre-shared key peer configs matching xx.xxx.27.15…xxx.xx.1.108[test@test.de]
    Nov 25 09:45:30  charon      05[CFG] <8> selected peer config "con1"
    Nov 25 09:45:30  charon      05[IKE] <con1|8> no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
    Nov 25 09:45:30  charon      05[ENC] <con1|8> generating INFORMATIONAL_V1 request 2308373839 [ N(INVAL_KE) ]
    Nov 25 09:45:30  charon      05[NET] <con1|8> sending packet: from xx.xxx.27.15[500] to xxx.xx.1.108[44436] (56 bytes)
    Nov 25 09:46:24  charon      12[CFG] rereading secrets
    Nov 25 09:46:24  charon      12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
    Nov 25 09:46:24  charon      12[CFG] loaded IKE secret for test@test.de
    Nov 25 09:46:24  charon      12[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
    Nov 25 09:46:24  charon      12[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
    Nov 25 09:46:24  charon      12[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
    Nov 25 09:46:24  charon      12[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
    Nov 25 09:46:24  charon      12[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
    Nov 25 09:46:24  charon      12[CFG] received stroke: unroute 'bypasslan'
    Nov 25 09:46:24  ipsec_starter  5316  shunt policy 'bypasslan' uninstalled
    Nov 25 09:46:24  charon      13[CFG] received stroke: delete connection 'bypasslan'
    Nov 25 09:46:24  charon      13[CFG] deleted connection 'bypasslan'
    Nov 25 09:46:24  charon      09[CFG] received stroke: delete connection 'con1'
    Nov 25 09:46:24  charon      09[CFG] deleted connection 'con1'
    Nov 25 09:46:24  charon      13[CFG] received stroke: add connection 'bypasslan'
    Nov 25 09:46:24  charon      13[CFG] added configuration 'bypasslan'
    Nov 25 09:46:24  charon      08[CFG] received stroke: route 'bypasslan'
    Nov 25 09:46:24  ipsec_starter  5316  'bypasslan' shunt PASS policy installed
    Nov 25 09:46:24  charon      14[CFG] received stroke: add connection 'con1'
    Nov 25 09:46:24  charon      14[CFG] added configuration 'con1'

    Thanks
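
A triage sketch for the log in the post above, added here as an example and not part of the original post or of the pfSense/strongSwan code: it pairs each charon `no shared key found` event with the `loaded IKE secret for` lines and reports whether a secret naming the peer ID had been loaded by that time. The function names, the placeholder year, and the treatment of several IDs on one `loaded IKE secret` line as space-separated are assumptions of this example.

```python
import re
from datetime import datetime

# Lines taken from the log in the post above (addresses were already masked there).
SAMPLE_LOG = """\
Nov 25 09:45:26  charon      05[CFG] <7> selected peer config "con1"
Nov 25 09:45:26  charon      05[IKE] <con1|7> no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
Nov 25 09:45:30  charon      05[IKE] <con1|8> no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
Nov 25 09:46:24  charon      12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Nov 25 09:46:24  charon      12[CFG] loaded IKE secret for test@test.de
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8})\s+charon\s+\d+\[(\w+)\]\s*(?:<([^>]*)>)?\s*(.*)$")
NO_PSK = re.compile(r"no shared key found for '([^']*)'\[[^\]]*\] - '([^']*)'\[([^\]]*)\]")
LOADED = re.compile(r"loaded IKE secret for (.+)$")
YEAR = "2000"  # placeholder (assumption): syslog timestamps carry no year

def triage(log_text):
    """Return (failures, loaded): PSK lookup failures and secret-load events."""
    failures, loaded = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a charon line in the expected layout
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hit = NO_PSK.search(m.group(4))
        if hit:
            failures.append({"time": ts, "conn": m.group(3), "local_id": hit.group(1),
                             "peer_id": hit.group(2), "peer_addr": hit.group(3)})
            continue
        hit = LOADED.search(m.group(4))
        if hit:
            loaded.append((ts, hit.group(1).split()))
    return failures, loaded

def annotate(failures, loaded):
    """Label each failure by when a secret naming its peer ID appears in the log."""
    report = []
    for f in failures:
        before = any(t <= f["time"] and f["peer_id"] in ids for t, ids in loaded)
        later = any(t > f["time"] and f["peer_id"] in ids for t, ids in loaded)
        state = "loaded-before" if before else "loaded-only-later" if later else "never-loaded"
        report.append((f["conn"], f["peer_id"], state))
    return report

if __name__ == "__main__":
    print(annotate(*triage(SAMPLE_LOG)))
```

On the sample, both failures report `loaded-only-later`: the only `loaded IKE secret for test@test.de` line is at 09:46:24, after the failed attempts at 09:45:26 and 09:45:30.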